Dropbox for business Secure, alternatives?


I am an IT administrator/support for a small organisation, and we have Dropbox users storing and sharing data (some of it could be confidential or sensitive). I was wondering if anyone should be storing confidential or sensitive information in Dropbox. I have heard there are many security holes in it.

Tell me what you think.

Alternative? OneDrive for Business?

Link to comment

  • 3 months later...

If you absolutely have to use a cloud-based storage solution I'd highly recommend Google Team Drive. Not only is it the same price as Dropbox but they also provide you with company email addresses ($10/u/m). They have a full suite of tools to protect your information and you can control all aspects of your data. You can lock types of files, restrict access based on domain, and even restrict the downloading/copying of documents.

My company used to utilize Dropbox but it's FARRRRRRR too easy for a user to mess everything up for everyone.

-PsyNeu

Link to comment

(Taking on the tinfoil hat)

Maybe it's just me being paranoid here, but storing confidential data offsite (3rd party provider), and no encryption. No way, no matter who it is.

For a small organisation, I would say, privately owned and run server, LUKS drives, and SSHFS, with GPG as an extra layer for individual file encryption.
Some realtime monitoring for file read/write (inotify), and you're on your way :)

Depending on the workstations, LUKS and LUKS-Nuke option, maybe try looking into LUKS-TPM or OpenPGP smartcards and LUKS, and you're well on your way to something secure :)

(Taking off the tinfoil hat again)

 

Link to comment
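
The inotify read/write monitoring suggested in the post above, as an added example that is not part of the thread: a minimal directory watcher that calls the Linux inotify API through ctypes. The function names and the watched path are assumptions chosen for illustration.

```python
import ctypes, os, select, struct, sys

# Event bits from <sys/inotify.h>
IN_ACCESS, IN_MODIFY, IN_OPEN = 0x001, 0x002, 0x020
IN_MOVED_FROM, IN_MOVED_TO = 0x040, 0x080
IN_CREATE, IN_DELETE = 0x100, 0x200
NAMES = {IN_ACCESS: "ACCESS", IN_MODIFY: "MODIFY", IN_OPEN: "OPEN",
         IN_MOVED_FROM: "MOVED_FROM", IN_MOVED_TO: "MOVED_TO",
         IN_CREATE: "CREATE", IN_DELETE: "DELETE"}
ALL_EVENTS = sum(NAMES)  # distinct bits, so the sum equals the OR of all of them

_HDR = struct.Struct("iIII")  # struct inotify_event: wd, mask, cookie, len
_libc = ctypes.CDLL(None, use_errno=True)
_libc.inotify_add_watch.argtypes = [ctypes.c_int, ctypes.c_char_p, ctypes.c_uint32]

def open_watch(path, mask=ALL_EVENTS):
    """Return a non-blocking inotify fd watching one directory (not recursive)."""
    fd = _libc.inotify_init1(os.O_NONBLOCK | os.O_CLOEXEC)
    if fd < 0:
        raise OSError(ctypes.get_errno(), "inotify_init1 failed")
    if _libc.inotify_add_watch(fd, os.fsencode(path), mask) < 0:
        err = ctypes.get_errno()
        os.close(fd)
        raise OSError(err, "inotify_add_watch failed for %s" % path)
    return fd

def parse_events(buf):
    """Decode a raw inotify read buffer into (filename, [event names]) tuples."""
    events, off = [], 0
    while off + _HDR.size <= len(buf):
        _wd, mask, _cookie, nlen = _HDR.unpack_from(buf, off)
        off += _HDR.size
        # The name field is NUL-padded to nlen bytes; empty means the directory itself.
        name = buf[off:off + nlen].split(b"\0", 1)[0].decode(errors="replace")
        off += nlen
        events.append((name, [n for bit, n in NAMES.items() if mask & bit]))
    return events

def read_events(fd, timeout=1.0):
    """Wait up to `timeout` seconds, then return whatever events are queued."""
    ready, _, _ = select.select([fd], [], [], timeout)
    return parse_events(os.read(fd, 65536)) if ready else []

if __name__ == "__main__":
    watch_dir = sys.argv[1] if len(sys.argv) > 1 else "."  # assumed path argument
    fd = open_watch(watch_dir)
    while True:  # print one line per event until interrupted
        for name, kinds in read_events(fd, timeout=5.0):
            print("%s: %s" % (name or watch_dir, ",".join(kinds)))
```

inotify only reports activity that passes through the local kernel, so the watcher belongs on the server that holds the files; run against an SSHFS mount on a client, it will not see changes made by other machines.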

  • 1 month later...

I also agree with building a personal cloud for your organization. It's a little more costly up front but there are many advantages. First, you won't be forced to comply with another company's terms of service. One MAJOR issue with using any vendor cloud storage option is knowing where your data is physically stored. My manager and I were tasked with this project at my job. Realize that many vendors have written in their agreement that once the data is on their server, they own it. This is a major legal issue. It's crazy actually. Where they are storing your info is extremely important, and there are a crap ton of lawsuits against major cloud service providers right now due to lack of transparency. Wherever your data is stored you're forced to comply with local law. So different states, even counties within the states, need to be researched. What if it's stored overseas? We are a finance management company for multiple companies. Obviously we have full personal financial information on the customers of the vendors whom we support. You can imagine why our law department requires very detailed info on the physical storage location. Read this.

 

https://www.greenhousedata.com/blog/legal-battles-over-local-data-why-your-cloud-location-matters

It's not very well known, but it's a major issue. An example is Facebook. A lawsuit against them storing all users' info (I believe it was in San Fran) meant they owned anything posted. They addressed the issue by moving their server to a different country, so this is no longer true. They are probably the best example as the lawsuits are many, and unlike Google, Amazon and Microsoft, Facebook has become transparent.

 

Another situation to take into account: ransomware attacks are growing in numbers. What if the server location is attacked? It's happened with insurance agencies. Billing info, client accounts, any info like policies were held for ransom. One company had to push all their customers' payments to the next month, causing a double charge for that month and the previous. So what happens if where your data is stored is attacked? Suddenly you can't access any of that info. How long will you be down? What's the company's disaster recovery plan for this?

Lots to think about until standards are set, but currently there are none. Go local for now. 

 

Bookmark this page. In my opinion everyone should have this page bookmarked for recovery situations.

 

https://www.nomoreransom.org/en/decryption-tools.html

It's updated very quickly, but obviously the newest needs to be cracked before they can provide fixes.  But it's a priceless resource I feel. 

 

Good luck. 

Link to comment

  • 2 months later...

You can create a free private cloud with internal and external live doc access with a few pieces.

Spin up a FreeNAS box (typically an old server that you beef up on the cheap)

https://www.freenas.org/

Set up your vdevs and lagg

Create multiple storage pools

Fire up multiple jails on one storage pool

Load Ubuntu on that jail, which is the same thing as a VM per se, or a container; it's storage with its own PID.

On that Ubuntu instance load OwnCloud

https://websiteforstudents.com/installing-owncloud-on-ubuntu-17-04-17-10-with-apache2-mariadb-and-php/

If you so desire to also do live editing of any of the resources on your shared storage either internal or cloud without relying on a MS Office license you can use OnlyOffice.

What this means is people can open, say, a Word doc from your own cloud using OnlyOffice on your iPhone, iPad or laptop and start editing it right there on the fly.

 

Once you complete this you now have your own cloud. I would highly suggest using multiple network connections on your FreeNAS and splitting them up on separate switches and enabling lagg functionality on those switch ports. This will really give you redundancy and speed up multiple people using multiple resources efficiently.

Another piece is ensuring you're locking down that traffic, either by encrypting your traffic using OwnCloud and also creating your firewall rules, VLANs, a possible DMZ, etc.

 

Link to comment

  • 2 weeks later...
  • 4 months later...
  • 5 months later...
On 8/6/2018 at 1:21 PM, WaterRide said:

Dropbox and Google are cloud storage providers that can do what they want with your data as I've experienced with companies I work for.  They also do not assist with investigations resulting to misuse of user log-in too.

Agree with your views. 🔥So, which one would you recommend? 😎

Link to comment

I don't like the idea of cloud storage.  We use a product from Micro Focus called Filr  https://www.microfocus.com/en-us/products/filr/overview

Filr allows us to use existing in-house file servers and storage and allow users to share select files and folders with outside collaborators. This was used heavily by our architects and legal departments.

Link to comment

  • 1 month later...
On 8/6/2018 at 5:21 AM, WaterRide said:

Dropbox and Google are cloud storage providers that can do what they want with your data as I've experienced with companies I work for.  They also do not assist with investigations resulting to misuse of user log-in too.

Your statement might be a fair bit out of date, but Google will in fact assist in investigating user activities. We've had them assist us a few times, especially when we kept getting alerts about failed login attempts from abnormal IPs (ended up being a VPN). Google Suite is a very common cloud-based solution for storage/email/etc. Also, to respond to your first statement about "do what they want with your data", that has a very specific scope.

Link to comment

On 4/24/2018 at 1:10 AM, andrewb007 said:

Alternative? OneDrive for Business?

For security and encryption in a business setting (end-to-end encryption), Tresorit may be your best option (https://tresorit.com/). We have been testing it for a client, and I think it is a solid product. It is similar to Dropbox, but has a slightly different way of doing things that takes a while to get your head around - but once you do, it seems to make sense. A bit more expensive than Dropbox though.

Link to comment

Archived

This topic is now archived and is closed to further replies.
